Runtime detection of code modification

Runtime detection of code modification

A new layer for runtime detection of vendor hooks, with respect to a program module, includes mapping of branching instructions and their respective targets. When the program module is compiled, branch instructions are mapped and recorded to generate one or more branch maps. A branch map includes ta...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Malinowski, Joseph V, Owin, Kenneth J, Reed, Thomas C, Reed, David C
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A new layer for runtime detection of vendor hooks, with respect to a program module, includes mapping of branching instructions and their respective targets. When the program module is compiled, branch instructions are mapped and recorded to generate one or more branch maps. A branch map includes target program module addresses (or associated respective placeholders) and respective instruction offsets. At runtime, placeholders are replaced with respective target program module addresses. At runtime, actual branching information is compared to branching information included in the branch map. If a discrepancy is detected between runtime branching information and the corresponding branching information recorded in the branch map, a responsive action is triggered.